ReversingLabs this week published a report that finds there was a 73% increase in the number of malicious open source packages discovered.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

ReversingLabs reports a 73% surge in malicious open source packages during 2025, with over 10,000 threats discovered. Node package managers (npm) accounted for 90% of attacks, primarily targeting software supply chains. The Shai-hulud attack alone compromised over 1,000 npm packages and exposed 25,000 GitHub repositories. Python Package Index saw a 43% decrease in malware. Exposed developer secrets increased 11% across major package managers, with Google Cloud, AWS, Slack, and Telegram being primary sources. Cybercriminals are shifting focus from obscure projects to widely-used open source software to maximize downstream impact.

Report: Open Source Malware Instances Increased 73% in 2025

<p>i guess its time to add another “S” to FOSS for “Secure”</p>
